Stars
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Hunt down social media accounts by username across social networks
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
E-mails, subdomains and names Harvester - OSINT
Impacket is a collection of Python classes for working with network protocols.
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
Osintgram is an OSINT tool for Instagram. It offers an interactive shell to perform analysis on the Instagram account of any user by its nickname
holehe allows you to check if the mail is used on different sites like Twitter, Instagram and will retrieve information on sites with the forgotten password function.
The recursive internet scanner for hackers. 🧡
A swiss army knife for pentesting networks
📱 objection - runtime mobile exploration
lgandx / Responder
Forked from SpiderLabs/Responder. Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
Scanning APK file for URIs, endpoints & secrets.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
The Leading Security Assessment Framework for Android.
Veil 3.1.X (Check version info in Veil at runtime)
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.